|
Anti Phishing Toolbars - Can You Trust Them? |
|
|
|
Source: Dancho Danchev - Posted by Eric Lubow
|
A lot of recent phishing events occured, and what should be mentioned is their constant ambitions towards increasing the number of trust points between end users and the mirror version of the original site. The use of SSL and the ease of obtaining a valid certificate for to-be fraudelent domain is a faily simple practice. Phishing is so much more than this, and it even has to do with buying 0day vulnerabilities to keep itself competitive. How should phishing be fought? Educating the end user not to trust that he/she's on Amazon.com, when he just typed it, or enforcing a technological solution to the problem of digital social engineering and trust building?
As far as trends are concerned, according to the AntiPhishingGroup's latest report:
- Number of unique phishing reports received in December: 15244
- Number of unique phishing sites received in December: 7197
- Number of brands hijacked by phishing campaigns in December: 121
- Number of brands comprising the top 80% of phishing campaigns in December: 7
- Country hosting the most phishing websites in December: United States
- Contain some form of target name in URL: 51 %
- No hostname just IP address: 32 %
- Percentage of sites not using port 80: 7 %
- Average time online for site: 5.3 days
- Longest time online for site: 31 days
Read this full article at Dancho Danchev
Powered by AkoComment! |
